Remote MySQL backend encryption

John Dennis jdennis at redhat.com
Mon Apr 26 21:04:17 CEST 2010


On 04/26/2010 01:57 PM, Eric.Hernandez at allegiantair.com wrote:
> Hi,
>
> I am trying to figure out if need to encrypt my traffic from a
> FreeRadius server to a remote MySQL backend.
>
> I have the following setup.
>
> FreeRadius/MySQL (Server1)
>
> FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL
> Master to Master (ssl) Replication
>
> Now I want to add a third FreeRadius server without a local MySQL Backend.
>
> So this third server will point to either Server1 or Server2 which runs
> MySQL but will these request be sent to the remote MySQL Servers in
> clear text?

This has nothing to do with how many MySQL servers you've got or how 
you're doing replication, encryption occurs on a per connection basis 
(e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never 
opens an encrypted session with it's server because rlm_sql_mysql does 
not have an option to set SSL/TLS transport (e.g. does not call 
mysql_ssl_set()). That probably would be a good feature to add.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list